Security & compliance

Your inbox contains some of your most sensitive business data. We treat it that way. InboxPilot is built on enterprise-grade security practices, maintains key compliance certifications, and gives you full control over your data at all times

Data protection
Enterprise-grade encryption protects your data at every stage – in transit and at rest.

🔑 AES-256 encryption at rest
🔑 TLS 1.3 encryption in transit
🔑 Daily encrypted backups
🔑 90-day audit logs
Compliance
Compliant with major global data protection regulations and independently certified.

🔑 SOC 2 Type II certified
🔑 GDPR compliant
🔑 CCPA / CPRA compliant
🔑 CASA certified by Google
Privacy first
Your data is yours. We access only what's needed to provide the service – nothing more.

🔑 Your data is never sold or shared
🔑 Not used to train AI models
🔑 No cross-customer data sharing
🔑 You can delete your data anytime

Certifications & standarts

InboxPilot meets rigorous security and compliance standards — independently assessed and verified.

Five security compliance badges: HIPAA Compliant with medical caduceus, ADA Tier 2 CASA Verified with handshake heart, ISO 27001 Information Security Management Certified, AICPA SOC for Service Organizations, and GDPR with a lock surrounded by yellow stars.

Built so only the right people can access your data

InboxPilot connects to your inbox using OAuth 2.0 – the same secure standard used by Google and Microsoft. We never store your email password. Access is encrypted, monitored, and logged at all times. Administrative access requires multi-factor authentication, and all user permissions follow a least-privilege model so no one can access more than their role requires.

OAuth 2.0 – no passwords stored
Multi-factor authentication (MFA) required for all admin access
Role-based access control (RBAC) with least privilege
Single sign-on (SSO) for Enterprise users
All access monitored and audit logged
24/7 real-time security monitoring
Under 1 hour incident response time, tested quarterly
Client-level data segregation – your data is isolated from other customers

We only access what we need, nothing else

InboxPilot connects to your inbox to read incoming emails and generate drafts. That's it. We don't store your email content beyond what's needed to deliver the service. We don't use your data to train AI models – ours or anyone else's. When you send data to third-party AI services like OpenAI to generate a draft, it's processed temporarily and not retained for training purposes. We have contractual agreements in place with all AI providers to enforce this.

Email content not stored beyond service delivery
Never used to train third-party AI models
Minimum necessary data sent to AI services
Contractual protections with all AI providers
Private knowledge base — isolated per customer
No cross-customer learning or data sharing
Data automatically deleted on account cancellation
You remain the sole owner of your data at all times
Data Processing Addendum (DPA)
Review our DPA for GDPR, CCPA, and other compliance requirements.
View DPA →
Privacy Policy
Learn how we collect, use, and protect your personal information.
View Privacy Policy →
Terms of Service
Review our terms and conditions for using InboxPilot services.
View Terms →
Security Measures
Detailed information about our security infrastructure and practices.
Learn More →
Infrastructure
Hosted on Google Cloud Platform

InboxPilot runs on Google Cloud Platform (GCP) – one of the most secure and compliant cloud infrastructure providers in the world. GCP data centers are built to Tier III or higher specifications with robust redundancy and uptime resilience. This means InboxPilot benefits from globally recognized security certifications including ISO/IEC 27001, SOC 1/2/3, PCI DSS, and HIPAA compliance at the infrastructure level.

Our own security practices build on top of this foundation:
🔑 Daily encrypted backups with 30-day retention
🔑 Network firewalls and intrusion detection systems
🔑 Regular penetration testing and vulnerability scanning
🔑 Annual security training for all personnel with data access
🔑 Comprehensive audit logging with 90-day retention

Questions?

We’re glad you asked.

What exactly does InboxPilot do?

InboxPilot is an AI email agent that connects to your Gmail or Outlook inbox and handles email on your behalf: labeling every incoming email automatically, drafting replies in your tone using your company's data, sending responses automatically if you choose, and running routing rules that forward, archive, or file emails based on what they are. It also includes a website chatbot that captures leads and routes them into the same dashboard.

How reliable are InboxPilot's email responses?

In auto-reply mode, every response has a confidence score. If it falls below our threshold, the email is escalated to you or your team instead of being sent. In draft mode, the threshold is lower so you can review more suggestions before sending. You stay in control.

Does InboxPilot have access to my whole email account?

InboxPilot connects to your Gmail or Outlook via OAuth and reads incoming emails to generate labels, drafts, and actions. No human reads your emails. Data is encrypted in transit and at rest. We don't store your email content beyond what's needed to generate a response, and we never share it.

Can I change my subscription plan later?

Anytime. Upgrades happen instantly; downgrades take effect at the next billing cycle.
Your data and settings stay intact no matter the tier.

How does handover to a human work?

Most emails can be handled by the AI. When a question is unclear, sensitive, or beyond what the AI can answer confidently, the system escalates it so a human can take over. The handover happens inside your existing tool – Gmail or Zendesk – and your team picks up from there.

Is my data used to train AI models?

No. Your data is never used to train external or public AI models. Each customer's data is isolated and used only to power their own InboxPilot account.

Does InboxPilot get smarter over time?

Yes. When you edit an AI draft — correcting a fact or adjusting phrasing — InboxPilot automatically learns from the change and applies it to future replies. Every correction makes the AI more accurate for your specific business.

You have been doing it manually for too long

Connect your Gmail or Outlook inbox in one click, train InboxPilot on your business data, and start receiving replies that sound exactly like you – ready to send or sent automatically.

Try with Gmail
Try with Outlook
Impress logo with a purple exclamation mark icon followed by the word 'impress' in black lowercase letters.
Product
Email Agent
Website Chatbot
AI Labeling
AI Drafting
AI Sorting
Email Actions
Zendesk Integration
Pricing
Resources
Blog
FAQ
Changelog
Security
Company
About
Contact
Privacy Policy
Terms of Service
DPA
Compare
inboxpilot vs Fyxer
inboxpilot vs Superhuman
inboxpilot vs Shortwave
inboxpilot vs Gemini
inboxpilot vs Copilot
inboxpilot vs Zapier
© 2026 InboxPilot, Inc. All rights reserved.
“My favorite subscription by far. Fresh supply of templates and ready-to-use sections that save us hours on every project. Absolute no-brainer.”
Jeremy Olley
Small Agency
best deal
Save with BYQ Supply Ultra
BYQ Supply Ultra is our premium subscription that gives you access to our templates and 1800+ copy/paste sections library for half the price.
Webflow Marketplace
1 template for $129
With byq ultra
3 templates for $46 each + 1800 sections
3 template credits every quarter
Full access to 1800+ copy paste sections library
All new templates added during your subscription
With code CRAFTED20 only $46/month for the first quarter.
Cancel anytime.
Get Nerdstack with ULTRA